What is GDPR?
GDPR = General Data Protection Regulation. This is a regulation in EU law that is applicable in the UK regarding information privacy (data protection). It also includes strict regulations regarding data transferred outside of the EU.
The aim of GDPR is:
● To ensure peoples’ personal information is handled responsibly;
● There is accountability if their personal data is compromised.
What is data?
Data is information which is:
● Stored on digital devices;
● Part of a filing system;
● Part of an accessible record;
● Recorded by a public authority – such as a school.
It does not apply to paper documents not held in a structured form, for example notes kept on a writing pad in your drawer. Personal data Personal data is any form of data that could be used to identify a person such as name, address, D.O.B, NI number, medical records and ethnicity.
Where might I encounter personal information? Working in a school environment means you may come across personal and sensitive information and should be mindful of GDPR. Some examples include:
Student personal information: student attitudes and observations; contact information; medical notes and attendance. Sensitive personal data: political opinions; religious beliefs and racial/ethnic origin.